[PATCH] drm/atomic: Clear crtcs, connectors and planes when clearing state

[PATCH] drm/atomic: Clear crtcs, connectors and planes when clearing state

[Ander Conselvan de Oliveira]

Users of the atomic state assume that if the pointer to a crtc, plane or
connector is not NULL in the respective object vector, than the state
for that object in *_states vector also won't be NULL. That assumption
was broken by drm_atomic_state_clear(), which would clear the state
pointer but leave the pointer to the object still set.

This fixes a NULL pointer dereference in i915 caused by the use of
drm_atomic_state_clear().

Cc: dri-devel@lists.freedesktop.org
Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@intel.com>
---
 drivers/gpu/drm/drm_atomic.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c
index 5d3abe3..00ea881 100644
--- a/drivers/gpu/drm/drm_atomic.c
+++ b/drivers/gpu/drm/drm_atomic.c
@@ -134,6 +134,7 @@ void drm_atomic_state_clear(struct drm_atomic_state *state)
 
 		connector->funcs->atomic_destroy_state(connector,
 						       state->connector_states[i]);
+		state->connectors[i] = NULL;
 		state->connector_states[i] = NULL;
 	}
 
@@ -145,6 +146,7 @@ void drm_atomic_state_clear(struct drm_atomic_state *state)
 
 		crtc->funcs->atomic_destroy_state(crtc,
 						  state->crtc_states[i]);
+		state->crtcs[i] = NULL;
 		state->crtc_states[i] = NULL;
 	}
 
@@ -156,6 +158,7 @@ void drm_atomic_state_clear(struct drm_atomic_state *state)
 
 		plane->funcs->atomic_destroy_state(plane,
 						   state->plane_states[i]);
+		state->planes[i] = NULL;
 		state->plane_states[i] = NULL;
 	}
 }
-- 
2.1.0

_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [Intel-gfx] [PATCH] drm/atomic: Clear crtcs, connectors and planes when clearing state

[Daniel Vetter]

On Mon, Mar 30, 2015 at 10:41:19AM +0300, Ander Conselvan de Oliveira wrote:
> Users of the atomic state assume that if the pointer to a crtc, plane or
> connector is not NULL in the respective object vector, than the state
> for that object in *_states vector also won't be NULL. That assumption
> was broken by drm_atomic_state_clear(), which would clear the state
> pointer but leave the pointer to the object still set.
> 
> This fixes a NULL pointer dereference in i915 caused by the use of
> drm_atomic_state_clear().
> 
> Cc: dri-devel@lists.freedesktop.org
> Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@intel.com>

Oops. Applied to topic/drm-misc.

Thanks, Daniel
> ---
>  drivers/gpu/drm/drm_atomic.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c
> index 5d3abe3..00ea881 100644
> --- a/drivers/gpu/drm/drm_atomic.c
> +++ b/drivers/gpu/drm/drm_atomic.c
> @@ -134,6 +134,7 @@ void drm_atomic_state_clear(struct drm_atomic_state *state)
>  
>  		connector->funcs->atomic_destroy_state(connector,
>  						       state->connector_states[i]);
> +		state->connectors[i] = NULL;
>  		state->connector_states[i] = NULL;
>  	}
>  
> @@ -145,6 +146,7 @@ void drm_atomic_state_clear(struct drm_atomic_state *state)
>  
>  		crtc->funcs->atomic_destroy_state(crtc,
>  						  state->crtc_states[i]);
> +		state->crtcs[i] = NULL;
>  		state->crtc_states[i] = NULL;
>  	}
>  
> @@ -156,6 +158,7 @@ void drm_atomic_state_clear(struct drm_atomic_state *state)
>  
>  		plane->funcs->atomic_destroy_state(plane,
>  						   state->plane_states[i]);
> +		state->planes[i] = NULL;
>  		state->plane_states[i] = NULL;
>  	}
>  }
> -- 
> 2.1.0
> 
> _______________________________________________
> Intel-gfx mailing list
> Intel-gfx@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/intel-gfx

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel

Re: [PATCH] drm/atomic: Clear crtcs, connectors and planes when clearing state

[shuang.he]

Tested-By: PRC QA PRTS (Patch Regression Test System Contact: shuang.he@intel.com)
Task id: 6090
-------------------------------------Summary-------------------------------------
Platform          Delta          drm-intel-nightly          Series Applied
PNV                                  270/270              270/270
ILK                 -1              303/303              302/303
SNB                                  304/304              304/304
IVB                                  337/337              337/337
BYT                                  287/287              287/287
HSW                 -1              361/361              360/361
BDW                                  309/309              309/309
-------------------------------------Detailed-------------------------------------
Platform  Test                                drm-intel-nightly          Series Applied
*ILK  igt@gem_unfence_active_buffers      PASS(2)      DMESG_WARN(1)PASS(1)
(dmesg patch applied)drm:i915_hangcheck_elapsed[i915]]*ERROR*Hangcheck_timer_elapsed...bsd_ring_idle@Hangcheck timer elapsed... bsd ring idle
*HSW  igt@gem_storedw_loop_bsd      PASS(2)      DMESG_WARN(1)PASS(1)
(dmesg patch applied)drm:i915_hangcheck_elapsed[i915]]*ERROR*Hangcheck_timer_elapsed...bsd_ring_idle@Hangcheck timer elapsed... bsd ring idle
Note: You need to pay more attention to line start with '*'
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx